This is a static dump of issues in the old "Flyspray" bugtracker for DokuWiki. Bugs and feature requests
are now tracked at the issue tracker at Github.

Closed
Not a bug

FS#1544 Overlapping permissions result in lockout

ACL & Authentication

2008-12-04Zian

Steps to Reproduce:
Put a user into 2 different groups (e.g. art and writing). Writing
cannot access the art:private namespace and art cannot access the writing:private namespace. Art can access art:private and writing can access writing:private.

Now, log in as the user. You will be unable to go to art:private.

2008-12-06ach

I was not able to reproduce this. In my wiki (tested 2008-05-05 and development version) the appointed user can view and edit in both namespaces. (As is exactly how it should be: "The rule which gives the highest permission is used.")

This is an intended behaviour of the ACL system. I appreciate its counter intuitive, but our aim is to ensure the system uses a minimum of resources and is quick.

The system will prefer an ACL rule that matches closer to the namespace:page over one that matches further away. When more than one rule matches at the same level it will use the rule with the higher access level. I will review the documentation to make that clearer.

A better way to organize your rules is

art:private:* @ALL 0 # this will override all the * @somegroup 16 rules, as it is closer to the art:private namespace
art:private:* @artists 16 # counter above rule for members of the artists group